0c7efb95b83a40e60c5d614337e753bfa696b472ece810bf2f98c6299537ac7e | Triage

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 16:06

Sharing

Report Analysis Logs

General

Target

04e14b4d4f6cf5a81b3c2b12489b3574.dll
Size

580KB
MD5

04e14b4d4f6cf5a81b3c2b12489b3574
SHA1

f905bed4a23c7cbfdce25494620aec268353910d
SHA256

0c7efb95b83a40e60c5d614337e753bfa696b472ece810bf2f98c6299537ac7e
SHA512

3acbcc3ed55ace7e900cfb07d098248c7e5f1ee2e27bc85f2e0d845bc06702cef90011ea6f86017808753ddc13a8397ab6d676be9fa78ef2a3af8afd3c9921a8
SSDEEP

12288:nP1o2Fvn5WFHAiBY16LUizvAgxnnumXSAAbR5:P1PnQFU6LUizA0numX5Abf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 852	1528	rundll32.exe	28
PID 1528 wrote to memory of 852	1528	rundll32.exe	28
PID 1528 wrote to memory of 852	1528	rundll32.exe	28
PID 1528 wrote to memory of 852	1528	rundll32.exe	28
PID 1528 wrote to memory of 852	1528	rundll32.exe	28
PID 1528 wrote to memory of 852	1528	rundll32.exe	28
PID 1528 wrote to memory of 852	1528	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e14b4d4f6cf5a81b3c2b12489b3574.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e14b4d4f6cf5a81b3c2b12489b3574.dll,#1
  2⤵
  PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/852-0-0x0000000000830000-0x00000000008B4000-memory.dmp

Filesize
528KB

Download